/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting!
/* ALSO: Don't quote this header. It makes you look lame :-) */

Dear Jeff,

Thank you, Raf and Candor for your help. You were right, the syntax in my rc.local file was incorrect. I had it echo something before executing the line

/etc/rc.d/rc.firewall

Something was incorrect with my echo syntax. I eliminated it and rebooted the server, and it works fine now.

Thanks for your help!

Francisco

----------------------------

Check the execution line for "rc.firewall" in "rc.local" and verify you don't have a typo, and that you have the full path specified. Line should be:

/etc/rc.d/rc.firewall

I recommend you have it at the end of the Script, rather than within the "if" block which consumes most of the Script.

Verify that "/etc/rc.d/rc.local" has not had its permission mask changed. It should be 755 (rwxr-xr-x).

Next, verify that "rc.local" has not been accidentally removed from System Initialization. Depending on your "Run-Level", identified in "/etc/inittab" (for Multi-User, X-Windows, this would be 5), you should have a Symbolic Link (S99local), pointing to "/etc/rc.d/rc.local".

Perform a simple test and execute rc.local from a Console/X-Term Window. Once you get it successfully working in a Console Window it should work if you run a boot. I recommend you add "ECHO" statements in the Firewall to identify that you are executing the Script.

I am running a similar configuration with RH6.2. If you wish, I can send you my Firewall Script. It gives you some more examples of how to enable/disable specific Services, as well as, dynamically acquires the IP Addresses, NetMasks, etc. for the Interfaces you define.

Jeff

----- Original Message -----
From: <[EMAIL PROTECTED]>
To: "raf" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, April 24, 2001 07:13
Subject: Re: [Masq] suspected problem with rc.firewall fill

> Thanks Raf and Candor for replying,
>
> The firewall file did have 1 echoed to ip_forward, ip_always_defrag and
> ip_dynaddr files. The actual file:
> http://www.ithaca.edu/soria/rc-firewall.html
>
> I tried the echo 1 > .... commands with and without "1" quotes around the
> 1, however none of these files get changed from the defaults of 0 to 1.
> Should I manually go in and change the files, or is there some other
> modification I need to do to my rc.firewall file, which I am not aware of.
> All I did to the rc.firewall file was to make it executable and modified
> the /etc/rc.d/rc.local file. Should I modify these files by hand?
>
> The win host does have as its default gateway the linux server
> (192.168.0.1).
>
> Thanks,
>
> Francisco
>
> On Tue, 24 Apr 2001, raf wrote:
>
> > Francisco X. Soria wrote:
> >
> > > Hi!
> > >
> > > I am stuck on the last set of tests for ip masq. I have a RH 6.2 server masquing
> > > for a win 98 pc. I followed all the how to steps, and from the server, I can
> > > ping both the static eth0 (192.168.0.1) and the DHCP eth1 (66.24.1.248)
> > > interfaces, and to the win 98 pc (192.168.0.2). From the win 98 pc I can ping
> > > its own ip, and both the eth0 and eth1 interfaces of the server, however I can
> > > not ping external ip addresses from the internet from the win pc. I can
> > > however ping external ip addresses from the linux server.
> > >
> > > I enabled networking + FORWARD_IPV4 in the network file and configured the
> > > rc.d document as specified in the HOWTO. The windows 98 client has linux
> > > server (192.168.0.1) set up as its primary gateway and has its Domain defined
> > > as twcny.rr.com with appropriate DNS servers.
> > >
> > > I have read through the HOWTO and through the mailings but could not find an
> > > answer. I suspect it may have something to do with what I did with the rc.d
> > > file. I made the file executable and added the following to the
> > > /etc/rc.d/rc.local file: echo "Loading the rc.firewall ruleset.."
> > > /etc/rc.d/rc.firewall
> > >
> > > I rebooted the machine but I noticed the /proc/sys/net/ipv4/ip_always_defrag
> > > file that was supposed to be modified by the script was not modified to show a
> > > 1 instead of a 0, not even after reboot. Since I am a novice, I am not sure
> > > if there is anything else I have to do to the file or if this is even the
> > > problem. If you have any suggestions or could point me to some additional
> > > readings, I would greatly appreciate it. Thanks in advance!
> > >
> > > my system info can be viewed at: http://www.ithaca.edu/soria/system.html
> > >
> > > Best Regards,
> > >
> > > Francisco Soria
> >
> > what are the contents of /proc/sys/net/ipv4/ip_forward?
> > it should be 1, not 0. this behaviour sounds like it's 0.
> > although setting FORWARD_IPV4 should make it 1.
> >
> > raf
> >
> > _______________________________________________
> > Masq maillist - [EMAIL PROTECTED]
> > Admin requests can be handled at http://www.indyramp.com/masq-list/ --
> > THIS INCLUDES UNSUBSCRIBING!
> > or email to [EMAIL PROTECTED]
> >
> > PLEASE read the HOWTO and search the archives before posting.
> > You can start your search at http://www.indyramp.com/masq/
> > Please keep general linux/unix/pc/internet questions off the list.
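
The checks from Jeff's reply (full-path line in rc.local, execute permission, the S99local link for the default runlevel) combined with the /proc values Francisco was watching, as an added shell example that is not code from the thread or the HOWTO. The function name, the root-prefix argument and the Red Hat `/etc/rc.d/rcN.d` directory layout are assumptions of this example.

```shell
#!/bin/bash
# Added example: the thread's boot-time checks, run against a root prefix.
# An empty prefix means the live system; a non-empty one lets the checks
# run on a copied or constructed tree.

# Prints one line per failed check; returns 0 only when every check passes.
check_firewall_boot() {
    local root="${1:-}" n=0 f k v level link
    local rclocal="$root/etc/rc.d/rc.local"

    # Default runlevel comes from the initdefault entry in /etc/inittab.
    level=$(sed -n 's/^id:\([0-9]\):initdefault:.*/\1/p' "$root/etc/inittab" 2>/dev/null) || level=""
    link="$root/etc/rc.d/rc${level}.d/S99local"

    # Both scripts need the execute bit (the thread asks for mode 755).
    for f in "$rclocal" "$root/etc/rc.d/rc.firewall"; do
        [ -x "$f" ] || { echo "not executable: $f"; n=$((n + 1)); }
    done

    # rc.local must run the firewall by full path on a line of its own,
    # not as trailing text of an echo or inside a comment.
    grep -Eq '^[[:space:]]*/etc/rc\.d/rc\.firewall[[:space:]]*$' "$rclocal" 2>/dev/null ||
        { echo "no stand-alone /etc/rc.d/rc.firewall line in rc.local"; n=$((n + 1)); }

    # S99local must be a symlink in the runlevel directory resolving to rc.local.
    { [ -L "$link" ] && [ "$link" -ef "$rclocal" ]; } ||
        { echo "S99local missing or not pointing at rc.local: $link"; n=$((n + 1)); }

    # The three /proc switches the poster expected the script to set to 1.
    for k in ip_forward ip_always_defrag ip_dynaddr; do
        v=$(cat "$root/proc/sys/net/ipv4/$k" 2>/dev/null) || v="unreadable"
        [ "$v" = "1" ] || { echo "$k is $v, expected 1"; n=$((n + 1)); }
    done

    [ "$n" -eq 0 ]
}

# Live system: check_firewall_boot ""
```

A firewall script that silently fails to run at boot leaves the gateway in whatever state the defaults give it, so a check like this belongs after every change to rc.local.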
